Application No. 09/997,409 PATENT 

Amendment dated: June 27, 2006 

Amendment under 37 CFR 1.116 Expedited Procedure 

Examining Group 2162 

Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the application. 
Listing of Claims: 

1. (Currently Amended) A computer-implemented method for modifying entries in 
an Identity System, comprising the steps of: 

creating a first entry for said Identity System, said first entry includes a first set of 
attributes based on a first set of one or more classes; and 

removing a subset of said first set of attributes from said entry after said step of 
creating said first entry wherein removing the subset of said first set of attributes comprises 
removing a first auxiliary class of one or more auxiliary classes associated with said subset of 
said first set of attributes and removing auxiliary classes that are superior to said first auxiliary 
class and that are not superior to any auxiliary classes that remain part of said entry. 

2. (Original) A method according to claim 1, wherein: 

said first set of one or more classes includes a structural class and a first set of one 
or more auxiliary classes. 

3. (Canceled) 

4. (Canceled) 

5. (Previously Presented) A method according to claim 1, wherein: 

said subset of said first set of attributes includes data stored in said attributes; and 
said step of removing a subset of said first set of attributes includes removing said data. 

6. (Original) A method according to claim 1, wherein said step of removing a subset 
of said first set of attributes includes the steps of: 

identifying a set of auxiliary classes in a user interface; 

receiving a selection of one or more of said auxiliary classes via said user interface; and 

removing said selected one or more of said auxiliary classes. 

7. (Original) A method according to claim 1, wherein said step of removing a subset 
of said first set of attributes includes the steps of: 

identifying a set of attributes in a user interface; 

receiving a selection of said subset of said first set of attributes via said user interface; and 

removing said subset of said first set of attributes from said entry. 

8. (Original) A method according to claim 1, further comprising the step of: 
adding new attributes to said entry after said step of creating. 

9. (Original) A method according to claim 8, wherein: 

said step of adding new attributes includes adding one or more auxiliary classes 
associated with said new attributes to said entry. 

10. (Original) A method according to claim 8, wherein said step of adding new 
attributes includes the steps of: 

adding one or more auxiliary classes associated with said new attributes to said entry; and 

adding classes to said entry that are not already part of said entry and are superior 
to said one or more auxiliary classes associated with said new attributes. 

11. (Original) A method according to claim 8, wherein said step of adding new 
attributes includes the steps of: 

identifying a set of auxiliary classes in a user interface; 

receiving a selection of one or more of said auxiliary classes via said user interface; and 

adding said selected one or more of said auxiliary classes. 



12. (Original) A method according to claim 8, wherein said step of removing a subset 
of said first set of attributes includes the steps of: 

identifying a set of attributes in a user interface; 

receiving a selection of said new attributes via said user interface; and 

adding one or more auxiliary classes associated with said new attributes to said entry. 



13. (Original) A method according to claim 8, wherein: 

said steps of creating, adding and removing are performed by an integrated 
identity and access system; and 

said an integrated identity and access system is capable of evaluating said new 
attributes to authorize a user to access a resource. 



14. (Original) A method according to claim 8, wherein: 
said entry is a group entry; and 

at least one of said new attributes stores a rule defining dynamic membership for 
said group entry. 

15. (Original) A method according to claim 8, wherein: 
said entry is a group entry; and 

at least one of said new attributes stores a subscription policy for said group entry. 

16. (Original) A method according to claim 1, wherein: 

said steps of creating and removing are performed by an integrated identity and access system. 

17. (Original) A method according to claim 1, wherein: 
said entry is a group object; and 

said step of creating includes instantiating said group object. 

18. (Original) A method according to claim 17, wherein: 

said step of removing includes a step of removing one or more auxiliary classes 
from said group object, said one or more auxiliary classes are associated with said subset of said 
first set of attributes. 

19. (Original) A method according to claim 18 wherein said step of removing one or 
more auxiliary classes from said group object includes the steps of: 

removing a first auxiliary class associated with said subset of said first set of attributes; and 

removing classes that are superior to said first auxiliary class and that are not 
superior to any auxiliary classes that remain part of said entry. 

20. (Original) A method according to claim 17, further comprising the step of: 
adding new attributes to said entry after said step of creating, said step of adding 
new attributes includes adding one or more auxiliary classes associated with said new attributes 
to said entry. 

21. (Original) A method according to claim 17, wherein: 
said group object is stored in an LDAP directory. 

22. (Previously presented) One or more processor readable storage devices having 
processor readable code embodied on said processor readable storage devices, said processor 
readable code for programming one or more processors to perform a method comprising the 
steps of: 

creating a first entry for said Identity System, said first entry includes a first set of 
attributes based on a first set of one or more classes; and 

removing a subset of said first set of attributes from said entry after said step of 
creating said first entry wherein removing the subset of said first set of attributes comprises 
removing a first auxiliary class of one or more auxiliary classes associated with said subset of 
said first set of attributes and removing auxiliary classes that are superior to said first auxiliary 
class and that are not superior to any auxiliary classes that remain part of said entry. 

23. (Canceled) 

24. (Canceled) 

25. (Original) One or more processor readable storage devices according to claim 22, 
wherein said method further comprises the step of: 

adding new attributes to said entry after said step of creating, said step of adding 
new attributes includes adding one or more auxiliary classes associated with said new attributes 
to said entry. 

26. (Original) One or more processor readable storage devices according to claim 25, 
wherein said step of adding new attributes includes the steps of: 

adding one or more auxiliary classes associated with said new attributes to said entry; and 

adding classes to said entry that are not already part of said entry and are superior 
to said one or more auxiliary classes associated with said new attributes. 

27. (Original) One or more processor readable storage devices according to claim 22, 
wherein: 

said steps of creating and removing are performed by an integrated identity and access system. 

28. (Original) One or more processor readable storage devices according to claim 22, 
wherein: 

said entry is a group object; and 

said step of creating includes instantiating said group object. 

29. (Original) One or more processor readable storage devices according to claim 28, 
wherein: 

said step of removing includes a step of removing one or more auxiliary classes 
from said group object, said one or more auxiliary classes are associated with said subset of said 
first set of attributes. 

30. (Original) One or more processor readable storage devices according to claim 29, 
wherein said step of removing one or more auxiliary classes from said group object includes the 
steps of: 

removing a first auxiliary class associated with said subset of said first set of attributes; and 

removing classes that are superior to said first auxiliary class and that are not 
superior to any auxiliary classes that remain part of said entry. 

31. (Original) One or more processor readable storage devices according to claim 28, 
wherein said method further comprises the step of: 

adding new attributes to said entry after said step of creating, said step of adding 
new attributes includes adding one or more auxiliary classes associated with said new attributes 
to said entry. 

32. (Original) One or more processor readable storage devices according to claim 28, 
wherein: 

said group object is stored in an LDAP directory. 

33. (Previously presented) An apparatus that can be used to manage Identity System 
entries, comprising: 

a communication interface; and 

one or more processors in communication with said communication interface, 
said one or more processors perform a method comprising the steps of: 

creating a first entry for said Identity System, said first entry includes a 
first set of attributes based on a first set of one or more classes, and 

removing a subset of said first set of attributes from said entry after said 
step of creating said first entry wherein removing the subset of said first set of attributes 
comprises removing a first auxiliary class of one or more auxiliary classes associated with said 
subset of said first set of attributes and removing auxiliary classes that are superior to said first 
auxiliary class and that are not superior to any auxiliary classes that remain part of said entry. 

34. (Canceled) 

35. (Canceled) 

36. (Original) An apparatus according to claim 33, wherein said method further 
comprises the step of: 

adding new attributes to said entry after said step of creating, said step of adding 
new attributes includes adding one or more auxiliary classes associated with said new attributes 
to said entry. 

37. (Original) An apparatus according to claim 36, wherein said step of adding new 
attributes includes the steps of: 

adding one or more auxiliary classes associated with said new attributes to said entry; and 

adding auxiliary classes to said entry that are not already part of said entry and are 
superior to said one or more auxiliary classes associated with said new attributes. 

38. (Original) An apparatus according to claim 33, wherein: 

said steps of creating and removing are performed by an integrated identity and access system. 

39. (Original) An apparatus according to claim 33, wherein: 
said entry is a group object; and 

said step of creating includes instantiating said group object. 

40. (Original) An apparatus according to claim 39, wherein: 

said step of removing includes a step of removing one or more auxiliary classes 
from said group object, said one or more auxiliary classes are associated with said subset of said 
first set of attributes. 



41. (Original) An apparatus according to claim 40 wherein said step of removing one 
or more auxiliary classes from said group object includes the steps of: 

removing a first auxiliary class associated with said subset of said first set of attributes; and 

removing auxiliary classes that are superior to said first auxiliary class and that 
are not superior to any auxiliary classes that remain part of said entry. 

42. (Original) An apparatus according to claim 39, wherein said method further 
comprises the step of: 

adding new attributes to said entry after said step of creating, said step of adding 
new attributes includes adding one or more auxiliary classes associated with said new attributes 
to said entry. 

43. (Original) An apparatus according to claim 39, wherein said group object is stored 
in an LDAP directory. 
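
Illustrative example, added here and not part of the filing or of any product's code: a Python sketch of the class-removal rule of claim 1 and the superior-class addition of claims 9-10, showing that attribute data is deleted only once no remaining class allows it. The schema, class names and entry layout are constructed assumptions, as is the refusal to remove a class that a remaining class inherits from.

```python
# Constructed schema (not from the filing): class -> (superior or None, attributes).
SCHEMA = {
    "mailRecipient": (None, {"mail"}),
    "mailGroup": ("mailRecipient", {"mailPolicy"}),
    "mailArchive": ("mailRecipient", {"archiveQuota"}),
    "dynamicGroup": (None, {"memberRule"}),
}
STRUCTURAL_ATTRS = {"cn"}  # attributes of the structural class, never removed here

def superiors(cls):
    """Every class above cls in the schema, nearest first."""
    chain, parent = [], SCHEMA[cls][0]
    while parent is not None:
        chain.append(parent)
        parent = SCHEMA[parent][0]
    return chain

def add_aux(entry, cls):
    """Claims 9-10: add cls plus any superior classes not already on the entry."""
    entry["aux"].update([cls] + superiors(cls))

def remove_aux(entry, cls):
    """Claim 1: remove cls and each superior that no remaining auxiliary class
    inherits from; claim 5: delete the data in attributes no class still allows."""
    if any(cls in superiors(other) for other in entry["aux"]):
        # Assumption: the claims do not cover this case, so refuse it.
        raise ValueError(f"{cls} is superior to a class still on the entry")
    entry["aux"].remove(cls)
    removed = {cls}
    for sup in superiors(cls):
        if sup in entry["aux"] and not any(sup in superiors(o) for o in entry["aux"]):
            entry["aux"].remove(sup)
            removed.add(sup)
    allowed = STRUCTURAL_ATTRS.union(*(SCHEMA[c][1] for c in entry["aux"]))
    for attr in [a for a in entry["attrs"] if a not in allowed]:
        del entry["attrs"][attr]
    return removed

def make_group():
    """Constructed group entry carrying three auxiliary classes and their data."""
    entry = {"aux": set(), "attrs": {"cn": "eng", "mail": "eng@example.test",
             "mailPolicy": "open", "archiveQuota": "5G", "memberRule": "(dept=eng)"}}
    for cls in ("mailGroup", "mailArchive", "dynamicGroup"):
        add_aux(entry, cls)
    return entry
```

Where such attributes feed authorization decisions, as in claim 13, the same pass that drops a class also drops the data it contributed, so no orphaned rule or policy value is left on the entry.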